Lucene search
+L
MishubdWp Human Resource Management

4 matches found

CVE
CVE
added 2019/03/05 9:0 p.m.54 views

CVE-2019-9574

The WP Human Resource Management plugin for WordPress is affected in versions before 2.2.6. The root cause is insufficient access control: leave modifications may not be performed within the context of the Administrator or HR Manager role. The description does not detail exploitability or affecte...

7.5CVSS7.5AI score0.02408EPSS
CVE
CVE
added 2019/03/05 9:0 p.m.51 views

CVE-2019-9573

The CVE-2019-9573 entry concerns the WordPress WP Human Resource Management plugin, specifically versions prior to 2.2.6. The public description states that the plugin mishandles leave applications, indicating a logic/authorization or data-handling issue in how leave requests are processed. CVSS ...

7.5CVSS7.6AI score0.01805EPSS
CVE
CVE
added 2025/07/04 1:44 a.m.37 views

CVE-2025-5956

CVE-2025-5956 concerns the WordPress plugin WP Human Resource Management (versions 2.0.0–2.2.17). The root cause is missing authorization in the ajax_delete_employee() handler, which reads $_POST['delete'] and passes IDs to wp_delete_user() without verifying delete_users capability or restricting...

8.1CVSS6.3AI score0.00293EPSS
CVE
CVE
added 2025/07/04 1:44 a.m.33 views

CVE-2025-5953

CVE-2025-5953 affects the WordPress plugin WP Human Resource Management (hrm) (versions 2.0.0–2.2.17). The vulnerability arises from missing authorization checks in the AJAX handlers ajax_insert_employee() and update_employee() . The attacker, authenticated with Employee-level access or higher , ...

8.8CVSS6.3AI score0.00364EPSS